REMARKS 

Applicant respectfully requests reconsideration and allowance of the 
subject application. 

• Claims 2-3, 13-15, and 22-23 are presently canceled without 
prejudice. 

• Claims 1, 4, 5, 12, 20, 21, and 24 are amended. 

• Claims 1, 4-12, 16-21, and 24-28 are pending. 

Applicant thanks the Examiner for the detailed analysis presented in the 
Office Action. 

Interview 

Applicant thanks the Examiner for the telephonic interview conducted on 
April 4, 2006. An Interview Summary was issued by the Examiner on April 10, 
2006, and agreement with respect to the claims was reached. Specifically, the 
Examiner noted that, subject to further consideration upon submission of a formal 
amendment, the proposed modification of claiming in combination a global 
screening section and an individual screening section, where the two sections are 
distinct from one another, appears to overcome the prior art of record. The claims 
are so modified, as discussed below, and hence Applicant believes that the 
Application is in condition for allowance. 

Claim Rejections under 35 U.S.C. § 112 

Claims 2, 3, and 5 stand rejected under 35 U.S.C. § 112, second paragraph, 
as being indefinite. Claims 2 and 3 are canceled and claim 5 is amended to 
obviate the rejection. 

Claim Rejections under 35 U.S.C. § 102 

Claims 1-28 are rejected under 35 U.S.C. § 102 as being anticipated by an 
article titled, "Abstracting Application-Level Web Security" by David Scott and 
Richard Sharp (hereinafter, "Scott"). Applicant respectfully traverses the 
rejection. 

Claim 1 is amended to incorporate the features of claims 2 and 3 (now 
canceled) and to clarify that two distinct screening sections are employed. Claim 
1, as amended, is rewritten below: 

1. A method, comprising: 

receiving data input through a web page from a client device; 

referencing a declarative module to determine a client input 
security screen to apply to the data input from the client device, 
wherein the declarative module comprises: 

a global section that includes at least one client input 
security screen that applies to any type of client input 
value; and 

an individual values section that includes at least one 
client input security screen that applies to a particular type 
of client input value; and 

applying multiple client input security screens to the data 
input from the client device, including at least one client input 
security screen from the global section of the declarative module and 
at least one client input security screen from the individual values 
section of the declarative module, wherein the client input security 
screens are distinct from one another. 



The two screens from the two sections are distinct from each other. As 
described in the specification with respect to Fig. 2, the client input security 
screening (CISS) unit 232 includes a global screen 234 and value screen 236. 
Beginning at page 8, line 5 (approximately, paragraph 33): 

The CISS unit 232 includes a global screening portion 234 that is 
configured for all types of input values received from the client 208. 
Although not required, the global screening portion 234 of the CISS 
unit 232 may be pre-defined for all web.config files (i.e. all projects) 
in the server 200. Providing a pre-defined global screening portion 
234 in the web.config file 202 ensures that page developers may not 
override certain system-wide security screening features. 
Additionally, a single web.config file may be provided for more than 
one project to serve as a global security screening function. 

The CISS unit 232 also includes a values screening portion 236 
that is configured to screen individual types of values that may be 
received from the client 208 (e.g., URL parameters, header values, 
form values, cookies). Although the global screening portion 234 
may be configured to screen certain values from all types of client 
input, the values screening portion 236 may screen certain values 
from only one (or more than one, but not all) type of input value by 
including individual value screens, one for each particular type of 
input value. In other words, each such individual value screen only 
screens a single form of input, but multiple individual value screens 
may be included to cover all types of expected input. 



Further, the specification describes with respect to Fig. 3 a two-stage 
screening process involving both global screening and individual values screening. 
The Office is directed to the discussion beginning on page 9, line 7. 
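
The two-stage screening recited in claim 1 can be pictured with the following added example, which is not part of the application, the specification, or this response. The section names, screen rules, and sample request are constructed assumptions and do not reproduce any actual web.config schema.

```python
import re

# Hypothetical declarative module; the section names and rules are constructed
# for illustration and are not the web.config schema from the application.
SERVER_GLOBAL = [  # pre-defined server-wide, applies to any type of client input
    {"name": "no-script-tag", "deny": r"(?i)<\s*script"},
    {"name": "no-nul-byte", "deny": r"\x00"},
]
PROJECT_MODULE = {
    "global": [],  # a project's attempt to empty the global section is ignored
    "values": {    # one individual value screen per type of input
        "url": [{"name": "no-traversal", "deny": r"\.\./"}],
        "cookie": [{"name": "cookie-charset", "allow": r"[A-Za-z0-9_=-]*"}],
    },
}

def build_module(server_global, project):
    """Combine sections; the global section always comes from the server."""
    return {"global": list(server_global), "values": dict(project.get("values", {}))}

def violates(screen, value):
    """A deny rule fails on any match; an allow rule fails unless fully matched."""
    if "deny" in screen:
        return re.search(screen["deny"], value) is not None
    return re.fullmatch(screen["allow"], value) is None

def screen_input(module, inputs):
    """inputs: {input_type: {field: value}} -> list of (stage, screen, type, field)."""
    findings = []
    for in_type, fields in inputs.items():
        for field, value in fields.items():
            # Stage 1: global screens run against every input type.
            for s in module["global"]:
                if violates(s, value):
                    findings.append(("global", s["name"], in_type, field))
            # Stage 2: individual value screens for this input type only.
            for s in module["values"].get(in_type, []):
                if violates(s, value):
                    findings.append(("values", s["name"], in_type, field))
    return findings

# Constructed sample request.
SAMPLE = {
    "url": {"file": "../../etc/passwd", "q": "hello"},
    "form": {"comment": "<script>alert(1)</script>", "path": "../notes"},
    "cookie": {"session": "abc123;admin"},
}
MODULE = build_module(SERVER_GLOBAL, PROJECT_MODULE)

if __name__ == "__main__":
    for finding in screen_input(MODULE, SAMPLE):
        print(finding)
```

The form field `path` passes even though it contains `../`, because the traversal screen in this constructed module sits in the individual values section for URL input only, while the script-tag screen in the global section fires on form input.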

Scott does not disclose these features. The Office agrees. As noted in the 
Interview Summary, "The examiner agreed that, at this moment of cursory review, 
these proposed changes appear to overcome the prior art." 

Applicant respectfully requests reconsideration of claim 1 and withdrawal 
of the rejection. 

Claims 2-3 are canceled as being incorporated into claim 1. 

Claims 4-11 depend directly, or indirectly, from claim 1 and are allowable 
by virtue of this dependency. Moreover, these claims recite features that, when 
taken together with those of claim 1, define methods not disclosed by Scott. 

Claim 12 is amended in a manner similar to claim 1. As modified, claim 
12 is allowable over Scott, and Applicant respectfully requests reconsideration and 
withdrawal of the rejection. 

Claims 13-15 are canceled as being incorporated into claim 12. 

Claims 16-20 depend directly, or indirectly, from claim 12 and are 
allowable by virtue of this dependency. Moreover, these claims recite features 
that, when taken together with those of claim 12, define systems not disclosed in 
Scott. 

Claim 21 is amended in a manner similar to claim 1. As modified, claim 
21 is allowable over Scott, and Applicant respectfully requests reconsideration and 
withdrawal of the rejection. 

Claims 22-23 are canceled as being incorporated into claim 21. 

Claims 24-28 depend directly, or indirectly, from claim 21 and are 
allowable by virtue of this dependency. 

Conclusion 

Claims 1, 4-12, 16-21, and 24-28 are in condition for allowance. Applicant 
respectfully requests reconsideration and issuance of the subject application. 
Should any matter in this case remain unresolved, the undersigned attorney 
respectfully requests a telephone conference with the Examiner to resolve any 
such outstanding matter. 



Respectfully Submitted, 





Lewis C Lee 
Reg. No. 34,656 
(509)324-9256 x211 